nixos-module/container/anon: setup shaping

2021-04-06 19:32:25 +02:00 · 2021-04-06 19:32:25 +02:00 · 436ceab45e
parent 0a03be1469
commit 436ceab45e
3 changed files with 17 additions and 1 deletions
--- a/nix/lib/config/legacy.nix
+++ b/nix/lib/config/legacy.nix
@ -92,6 +92,7 @@ in
        in {
          role = "container";
          location = "server2";
+
          interfaces =
            builtins.mapAttrs (net: interface:
              renameAttr "gw" "gw4"
@ -115,7 +116,9 @@ in
                addresses = builtins.filter builtins.isString (
                  builtins.split "[, ]+" wgData.addr
                );
+                upBandwidth = ctPillar.upstream.up-bandwidth;
              }) ctPillar.wireguard-instances);
+
          ospf =
            let
              hostPillar = self.lib.saltPillarFor name;
@ -125,6 +128,7 @@ in
            } // lib.optionalAttrs (hostPillar ? ospf && ospfConf ? stubnets-inet6) {
            stubNets6 = ospfConf.stubnets-inet6;
            };
+
          forwardedPorts =
            if ctPillar ? port-forwarding
            then map ({ proto, port, to }: {
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -196,6 +196,9 @@ let
              addresses = mkOption {
                type = listOf str;
              };
+              upBandwidth = mkOption {
+                type = with types; nullOr int;
+              };
            };
          }
        ));
--- a/nix/nixos-module/container/anon.nix
+++ b/nix/nixos-module/container/anon.nix
@ -58,8 +58,17 @@ in
    addresses = map (addr: {
      addressConfig.Address = addr;
    }) wireguard.addresses;
+
+    networkConfig.DefaultRouteOnDevice = true;
+
+    extraConfig = ''
+      [CAKE]
+      Parent = root
+      # DOCSIS overhead
+      OverheadBytes = 18
+      Bandwidth = ${toString wireguard.upBandwidth}K
+    '';
  }) tunnels;
-  # TODO: gw4, gw6

  networking.nat = lib.optionalAttrs (firstTunnel != null) {
    enable = true;